Posted by Soulskill on Tuesday November 20, 2012 @04:45PM
from the doing-it-wrong dept.

concealment sends this quote from MIT's Technology Review:
"AT&T screwed up in 2010, serving up the e-mail addresses of over 110,000 of its iPad 3G customers online for anyone to find. But Andrew Auernheimer, an online activist who pointed out AT&T's blunder to Gawker Media, which went on to publicize the breach of private information, is the one in federal court this week. Groups like the Electronic Frontier Foundation worry that should that charge succeed it will become easy to criminalize many online activities, including work by well-intentioned activists looking for leaks of private information or other online security holes. [Auernheimer's] case hasn't received much attention so far, but should he be found guilty this week it will likely become well known, fast."

seem to be having increasing difficulty distinguishing the letter of the law versus the spirit of the law. Anything to add yet another successful prosecution to their resume with no concern as to the effects on others or the betterment of society.

Would you be saying something different if someone found a warehouse door open and reported it on a scrounger web site before they reported it to the owner of the warehouse? Data has value just like merchandise. The issue is not what they did but the way they did it. A true White Hat hacker would have told the company first and given them a chance to fix it before publicizing it.

Even better analogy:
1. Leave confidential material in a folder in an unlocked room. (create a mechanism on the server to access info without proper security)
2. Someone comes along and searches the room (make semi-random requests to the server)
3. Copy the information in the folder (record the server responses)
4. Publish where the room is, where the folder is and the contents of the folder. (put the server name, request format and received data out on the internet)

A true White Hat would have told the company before publishing the breach and they would not have tried hundreds of thousands of requests. Just because there is not a lock on the door does not mean one can rummage through the room, copy the information and publish it.